GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-12-08 08:06:05 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB Running: dlj3iuqy.exe; Driver: C:\Users\Tomek\AppData\Local\Temp\fwddykog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075de1f1e 7 bytes JMP 00000001720d3c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075de5bb5 7 bytes JMP 00000001720d4290 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075df1411 7 bytes JMP 00000001720d3ea0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075dfea3d 7 bytes JMP 00000001720d3c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e888dc 7 bytes JMP 00000001720d36c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e88961 5 bytes JMP 00000001720d3770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e88cb7 5 bytes JMP 00000001720d36d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 000000007641130f 5 bytes JMP 00000001720d3680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764113bd 5 bytes JMP 00000001720d3640 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076412097 5 bytes JMP 00000001720d3780 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764122fd 5 bytes JMP 00000001720d3480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076158a29 5 bytes JMP 00000001720d2b20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076164572 5 bytes JMP 00000001720d3400 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007617e567 5 bytes JMP 00000001720d3470 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000761a07d7 5 bytes JMP 00000001720d2960 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000761b7a5c 5 bytes JMP 00000001720d33e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007647e9a2 5 bytes JMP 00000001720d2c60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007647ebdc 5 bytes JMP 00000001720d2c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075575ea5 5 bytes JMP 00000001720d2ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755a9d0b 5 bytes JMP 00000001720d2a70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1984] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075de1f1e 7 bytes JMP 00000001720d3c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1984] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075de5bb5 7 bytes JMP 00000001720d4290 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1984] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075df1411 7 bytes JMP 00000001720d3ea0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1984] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075dfea3d 7 bytes JMP 00000001720d3c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1984] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e888dc 7 bytes JMP 00000001720d36c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1984] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e88961 5 bytes JMP 00000001720d3770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1984] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e88cb7 5 bytes JMP 00000001720d36d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1984] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 000000007641130f 5 bytes JMP 00000001720d3680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1984] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764113bd 5 bytes JMP 00000001720d3640 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1984] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076412097 5 bytes JMP 00000001720d3780 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1984] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764122fd 5 bytes JMP 00000001720d3480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1984] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076158a29 5 bytes JMP 00000001720d2b20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1984] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076164572 5 bytes JMP 00000001720d3400 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1984] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007617e567 5 bytes JMP 00000001720d3470 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1984] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000761a07d7 5 bytes JMP 00000001720d2960 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1984] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000761b7a5c 5 bytes JMP 00000001720d33e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1984] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007647e9a2 5 bytes JMP 00000001720d2c60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1984] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007647ebdc 5 bytes JMP 00000001720d2c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1984] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075575ea5 5 bytes JMP 00000001720d2ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1984] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755a9d0b 5 bytes JMP 00000001720d2a70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[844] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075de1f1e 7 bytes JMP 00000001720d3c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[844] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075de5bb5 7 bytes JMP 00000001720d4290 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[844] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075df1411 7 bytes JMP 00000001720d3ea0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[844] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075dfea3d 7 bytes JMP 00000001720d3c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[844] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e888dc 7 bytes JMP 00000001720d36c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[844] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e88961 5 bytes JMP 00000001720d3770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[844] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e88cb7 5 bytes JMP 00000001720d36d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[844] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 000000007641130f 5 bytes JMP 00000001720d3680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[844] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764113bd 5 bytes JMP 00000001720d3640 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[844] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076412097 5 bytes JMP 00000001720d3780 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[844] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764122fd 5 bytes JMP 00000001720d3480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[844] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076158a29 5 bytes JMP 00000001720d2b20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[844] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076164572 5 bytes JMP 00000001720d3400 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[844] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007617e567 5 bytes JMP 00000001720d3470 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[844] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000761a07d7 5 bytes JMP 00000001720d2960 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[844] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000761b7a5c 5 bytes JMP 00000001720d33e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[844] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007647e9a2 5 bytes JMP 00000001720d2c60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[844] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007647ebdc 5 bytes JMP 00000001720d2c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[844] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075575ea5 5 bytes JMP 00000001720d2ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[844] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755a9d0b 5 bytes JMP 00000001720d2a70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1392] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075de1f1e 7 bytes JMP 00000001720d3c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1392] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075de5bb5 7 bytes JMP 00000001720d4290 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1392] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075df1411 7 bytes JMP 00000001720d3ea0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1392] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075dfea3d 7 bytes JMP 00000001720d3c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1392] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e888dc 7 bytes JMP 00000001720d36c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1392] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e88961 5 bytes JMP 00000001720d3770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1392] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e88cb7 5 bytes JMP 00000001720d36d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 000000007641130f 5 bytes JMP 00000001720d3680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764113bd 5 bytes JMP 00000001720d3640 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1392] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076412097 5 bytes JMP 00000001720d3780 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1392] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764122fd 5 bytes JMP 00000001720d3480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1392] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076158a29 5 bytes JMP 00000001720d2b20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1392] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076164572 5 bytes JMP 00000001720d3400 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1392] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007617e567 5 bytes JMP 00000001720d3470 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1392] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000761a07d7 5 bytes JMP 00000001720d2960 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1392] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000761b7a5c 5 bytes JMP 00000001720d33e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1392] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007647e9a2 5 bytes JMP 00000001720d2c60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1392] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007647ebdc 5 bytes JMP 00000001720d2c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1392] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075575ea5 5 bytes JMP 00000001720d2ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1392] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755a9d0b 5 bytes JMP 00000001720d2a70 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2992] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075de1f1e 7 bytes JMP 00000001720d3c50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2992] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075de5bb5 7 bytes JMP 00000001720d4290 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2992] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075df1411 7 bytes JMP 00000001720d3ea0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2992] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075dfea3d 7 bytes JMP 00000001720d3c40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2992] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e888dc 7 bytes JMP 00000001720d36c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2992] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e88961 5 bytes JMP 00000001720d3770 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2992] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e88cb7 5 bytes JMP 00000001720d36d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2992] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 000000007641130f 5 bytes JMP 00000001720d3680 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2992] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764113bd 5 bytes JMP 00000001720d3640 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2992] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076412097 5 bytes JMP 00000001720d3780 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2992] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764122fd 5 bytes JMP 00000001720d3480 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2992] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007647e9a2 5 bytes JMP 00000001720d2c60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2992] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007647ebdc 5 bytes JMP 00000001720d2c70 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2992] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076158a29 5 bytes JMP 00000001720d2b20 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2992] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076164572 5 bytes JMP 00000001720d3400 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2992] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007617e567 5 bytes JMP 00000001720d3470 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2992] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000761a07d7 5 bytes JMP 00000001720d2960 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2992] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000761b7a5c 5 bytes JMP 00000001720d33e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2992] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075575ea5 5 bytes JMP 00000001720d2ae0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2992] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755a9d0b 5 bytes JMP 00000001720d2a70 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4972] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075de1f1e 7 bytes JMP 00000001720d3c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4972] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075de5bb5 7 bytes JMP 00000001720d4290 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4972] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075df1411 7 bytes JMP 00000001720d3ea0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4972] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075dfea3d 7 bytes JMP 00000001720d3c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4972] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e888dc 7 bytes JMP 00000001720d36c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4972] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e88961 5 bytes JMP 00000001720d3770 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4972] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e88cb7 5 bytes JMP 00000001720d36d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 000000007641130f 5 bytes JMP 00000001720d3680 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764113bd 5 bytes JMP 00000001720d3640 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076412097 5 bytes JMP 00000001720d3780 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764122fd 5 bytes JMP 00000001720d3480 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4972] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076158a29 5 bytes JMP 00000001720d2b20 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4972] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076164572 5 bytes JMP 00000001720d3400 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4972] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007617e567 5 bytes JMP 00000001720d3470 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4972] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000761a07d7 5 bytes JMP 00000001720d2960 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4972] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000761b7a5c 5 bytes JMP 00000001720d33e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4972] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007647e9a2 5 bytes JMP 00000001720d2c60 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4972] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007647ebdc 5 bytes JMP 00000001720d2c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4972] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075575ea5 5 bytes JMP 00000001720d2ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4972] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755a9d0b 5 bytes JMP 00000001720d2a70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5044] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075de1f1e 7 bytes JMP 00000001720d3c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5044] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075de5bb5 7 bytes JMP 00000001720d4290 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5044] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075df1411 7 bytes JMP 00000001720d3ea0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5044] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075dfea3d 7 bytes JMP 00000001720d3c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5044] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e888dc 7 bytes JMP 00000001720d36c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5044] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e88961 5 bytes JMP 00000001720d3770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5044] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e88cb7 5 bytes JMP 00000001720d36d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5044] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 000000007641130f 5 bytes JMP 00000001720d3680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5044] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764113bd 5 bytes JMP 00000001720d3640 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5044] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076412097 5 bytes JMP 00000001720d3780 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5044] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764122fd 5 bytes JMP 00000001720d3480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5044] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076158a29 5 bytes JMP 00000001720d2b20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5044] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076164572 5 bytes JMP 00000001720d3400 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5044] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007617e567 5 bytes JMP 00000001720d3470 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5044] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000761a07d7 5 bytes JMP 00000001720d2960 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5044] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000761b7a5c 5 bytes JMP 00000001720d33e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5044] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007647e9a2 5 bytes JMP 00000001720d2c60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5044] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007647ebdc 5 bytes JMP 00000001720d2c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5044] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075575ea5 5 bytes JMP 00000001720d2ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5044] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755a9d0b 5 bytes JMP 00000001720d2a70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5056] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075de1f1e 7 bytes JMP 00000001720d3c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5056] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075de5bb5 7 bytes JMP 00000001720d4290 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5056] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075df1411 7 bytes JMP 00000001720d3ea0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5056] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075dfea3d 7 bytes JMP 00000001720d3c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5056] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e888dc 7 bytes JMP 00000001720d36c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5056] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e88961 5 bytes JMP 00000001720d3770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5056] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e88cb7 5 bytes JMP 00000001720d36d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5056] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 000000007641130f 5 bytes JMP 00000001720d3680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5056] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764113bd 5 bytes JMP 00000001720d3640 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5056] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076412097 5 bytes JMP 00000001720d3780 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5056] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764122fd 5 bytes JMP 00000001720d3480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5056] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076158a29 5 bytes JMP 00000001720d2b20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5056] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076164572 5 bytes JMP 00000001720d3400 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5056] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007617e567 5 bytes JMP 00000001720d3470 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5056] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000761a07d7 5 bytes JMP 00000001720d2960 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5056] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000761b7a5c 5 bytes JMP 00000001720d33e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5056] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007647e9a2 5 bytes JMP 00000001720d2c60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5056] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007647ebdc 5 bytes JMP 00000001720d2c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5056] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075575ea5 5 bytes JMP 00000001720d2ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5056] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755a9d0b 5 bytes JMP 00000001720d2a70 .text D:\Programy\AIMP3\AIMP3.exe[2832] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075de1f1e 7 bytes JMP 00000001720d3c50 .text D:\Programy\AIMP3\AIMP3.exe[2832] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075de5bb5 7 bytes JMP 00000001720d4290 .text D:\Programy\AIMP3\AIMP3.exe[2832] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075df1411 7 bytes JMP 00000001720d3ea0 .text D:\Programy\AIMP3\AIMP3.exe[2832] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075dfea3d 7 bytes JMP 00000001720d3c40 .text D:\Programy\AIMP3\AIMP3.exe[2832] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e888dc 7 bytes JMP 00000001720d36c0 .text D:\Programy\AIMP3\AIMP3.exe[2832] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e88961 5 bytes JMP 00000001720d3770 .text D:\Programy\AIMP3\AIMP3.exe[2832] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e88cb7 5 bytes JMP 00000001720d36d0 .text C:\Windows\SysWOW64\rundll32.exe[2476] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000076f6fc10 5 bytes JMP 0000000100283150 .text C:\Windows\SysWOW64\rundll32.exe[2476] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000076f6ffdc 5 bytes JMP 0000000100283183 .text C:\Windows\SysWOW64\rundll32.exe[2476] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000076f70804 5 bytes JMP 0000000100283173 .text C:\Windows\SysWOW64\rundll32.exe[2476] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000076f7090c 5 bytes JMP 0000000100283193 .text C:\Windows\SysWOW64\rundll32.exe[2476] C:\Windows\syswow64\KERNELBASE.dll!Beep 0000000076408535 5 bytes JMP 00000001002831ce .text C:\Windows\SysWOW64\rundll32.exe[2476] C:\Windows\syswow64\KERNELBASE.dll!OpenProcess 000000007640e788 5 bytes JMP 0000000100283131 .text C:\Windows\SysWOW64\rundll32.exe[2476] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076412097 5 bytes JMP 0000000100282fd8 .text C:\Windows\SysWOW64\rundll32.exe[2476] C:\Windows\syswow64\KERNELBASE.dll!CreateFileW 000000007641b840 5 bytes JMP 0000000100283021 .text C:\logi\dlj3iuqy.exe[2688] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075de1f1e 7 bytes JMP 00000001720d3c50 .text C:\logi\dlj3iuqy.exe[2688] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075de5bb5 7 bytes JMP 00000001720d4290 .text C:\logi\dlj3iuqy.exe[2688] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075df1411 7 bytes JMP 00000001720d3ea0 .text C:\logi\dlj3iuqy.exe[2688] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075dfea3d 7 bytes JMP 00000001720d3c40 .text C:\logi\dlj3iuqy.exe[2688] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e888dc 7 bytes JMP 00000001720d36c0 .text C:\logi\dlj3iuqy.exe[2688] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e88961 5 bytes JMP 00000001720d3770 .text C:\logi\dlj3iuqy.exe[2688] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e88cb7 5 bytes JMP 00000001720d36d0 .text C:\logi\dlj3iuqy.exe[2688] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 000000007641130f 5 bytes JMP 00000001720d3680 .text C:\logi\dlj3iuqy.exe[2688] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764113bd 5 bytes JMP 00000001720d3640 .text C:\logi\dlj3iuqy.exe[2688] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076412097 5 bytes JMP 00000001720d3780 .text C:\logi\dlj3iuqy.exe[2688] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764122fd 5 bytes JMP 00000001720d3480 .text C:\logi\dlj3iuqy.exe[2688] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007647e9a2 5 bytes JMP 00000001720d2c60 .text C:\logi\dlj3iuqy.exe[2688] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007647ebdc 5 bytes JMP 00000001720d2c70 .text C:\logi\dlj3iuqy.exe[2688] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076164572 5 bytes JMP 00000001720d3400 .text C:\logi\dlj3iuqy.exe[2688] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007617e567 5 bytes JMP 00000001720d3470 .text C:\logi\dlj3iuqy.exe[2688] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000761a07d7 5 bytes JMP 00000001720d2960 .text C:\logi\dlj3iuqy.exe[2688] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000761b7a5c 5 bytes JMP 00000001720d33e0 ---- Threads - GMER 2.1 ---- Thread C:\Windows\SysWOW64\rundll32.exe [1800:2036] 00000000002b01d0 Thread C:\Windows\SysWOW64\rundll32.exe [1800:2040] 00000000002d9260 Thread C:\Windows\SysWOW64\rundll32.exe [1800:1204] 00000000002d8020 Thread C:\Windows\SysWOW64\rundll32.exe [1800:2204] 0000000000b8144b Thread C:\Windows\SysWOW64\ntdll.dll [2440:2444] 000000000138ff1f Thread C:\Windows\SysWOW64\ntdll.dll [2440:2680] 0000000070858f48 Thread C:\Windows\SysWOW64\ntdll.dll [2440:2736] 0000000070858f48 Thread C:\Windows\SysWOW64\ntdll.dll [2440:2760] 00000000709e20b0 Thread C:\Windows\SysWOW64\ntdll.dll [2440:2392] 000000006eee99b0 Thread C:\Windows\SysWOW64\ntdll.dll [2440:3988] 000000006e9268f0 Thread C:\Windows\SysWOW64\ntdll.dll [2440:3132] 000000006e9268f0 Thread C:\Windows\SysWOW64\ntdll.dll [2440:3120] 000000006e9268f0 Thread C:\Windows\SysWOW64\ntdll.dll [2440:2508] 000000006e924590 Thread C:\Windows\SysWOW64\ntdll.dll [2440:2056] 000000006e9268f0 Thread C:\Windows\SysWOW64\ntdll.dll [2440:2792] 000000006eedbc50 Thread C:\Windows\SysWOW64\ntdll.dll [2440:4300] 000000006eedc570 Thread C:\Windows\SysWOW64\ntdll.dll [2440:3096] 0000000071e062ee Thread C:\Windows\SysWOW64\ntdll.dll [3108:3112] 00000000001a6a3e Thread C:\Windows\SysWOW64\ntdll.dll [3108:3296] 00000000734b32fb Thread C:\Windows\SysWOW64\ntdll.dll [5072:5076] 0000000000068bf7 Thread C:\Windows\SysWOW64\ntdll.dll [5072:4140] 00000000703c7832 Thread C:\Windows\SysWOW64\ntdll.dll [5072:1232] 000000006f031d10 Thread C:\Windows\SysWOW64\ntdll.dll [5072:1228] 000000006f030c80 Thread C:\Windows\SysWOW64\ntdll.dll [5072:1448] 000000006f031740 Thread C:\Windows\SysWOW64\rundll32.exe [2476:4132] 0000000000190000 Thread C:\Windows\SysWOW64\rundll32.exe [2476:2768] 00000000002811f5 Thread C:\Windows\SysWOW64\rundll32.exe [2476:4072] 00000000002813c0 Thread C:\Windows\SysWOW64\rundll32.exe [2476:4092] 00000000734b32fb Thread C:\Windows\SysWOW64\rundll32.exe [2476:4284] 000000000028184a Thread C:\Windows\SysWOW64\rundll32.exe [2476:3224] 00000000002a3927 Thread C:\Windows\SysWOW64\rundll32.exe [2476:3976] 00000000002846c2 Thread C:\Windows\SysWOW64\rundll32.exe [2476:2376] 000000000029445b Thread C:\Windows\SysWOW64\rundll32.exe [2476:3604] 0000000071e062ee Thread C:\Windows\SysWOW64\rundll32.exe [2476:4900] 0000000000286d8f Thread C:\Windows\SysWOW64\rundll32.exe [2476:4480] 0000000062f7dac7 Thread C:\Windows\SysWOW64\rundll32.exe [2476:184] 0000000000287489 Thread C:\Windows\SysWOW64\rundll32.exe [2476:3956] 0000000062f7dac7 Thread C:\Windows\SysWOW64\rundll32.exe [2476:2460] 0000000000286d8f Thread C:\Windows\SysWOW64\rundll32.exe [2476:1216] 0000000000286d8f ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----